CVE-2023-32136Stack-based Buffer Overflow in Dlink Dap-1360 Firmware

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 29.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dlink Dap-1360 FirmwareDlink Dap-2020 FirmwareD-link Dap-1360
Timeline
PublishedMay 3

Description

D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDdlink/dap-1360_firmware< 6.15eub01
CVEListV5d-link/dap-13606.14B01 EU HOTFIX
NVDdlink/dap-2020_firmware< 1.03rc004

🔴Vulnerability Details

2
CVEList
D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
GHSA
GHSA-9vrg-cpf5-hchw: D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
CVE-2023-32136 — Stack-based Buffer Overflow in Dlink | cvebase